<?php
define('IN_SCRIPT',1);
define('HESK_PATH','./');

/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/database.inc.php');

hesk_session_start();

function generatenew() {
    $length = 8;

	// start with a blank password
    $password = "";

    // define possible characters - any character in this string can be
    // picked for use in the password, so if you want to put vowels back in
    // or add special characters such as exclamation marks, this is where
    // you should do it
    $possible = "2346789bcdfghjkmnpqrtvwxyzBCDFGHJKLMNPQRTVWXYZ";

    // we refer to the length of $possible a few times, so let's grab it now
    $maxlength = strlen($possible);
  
    // check for length overflow and truncate if necessary
    if ($length > $maxlength) {
      $length = $maxlength;
    }
	
    // set up a counter for how many characters are in the password so far
    $i = 0; 
    
    // add random characters to $password until $length is reached
    while ($i < $length) { 

      // pick a random character from the possible ones
      $char = substr($possible, mt_rand(0, $maxlength-1), 1);
        
      // have we already used this character in $password?
      if (!strstr($password, $char)) { 
        // no, so it's OK to add it onto the end of whatever we've already got...
        $password .= $char;
        // ... and increase the counter by one
        $i++;
      }

    }

    // done!
    return $password;
}

$action = $_REQUEST['a'];

if($action == "change"){
	$email = $_POST['lg_email'];
    hesk_dbConnect();
    //Check user pwd
    $sql = "SELECT * FROM ".hesk_dbEscape($hesk_settings['db_pfix'])."member WHERE `email`='$email' LIMIT 1";
    $result = mysql_query($sql);
    $found = mysql_num_rows($result);
	
    if($found == 1) {
        $result = hesk_dbFetchAssoc($result);
        $name = $result['nama_depan']." ".$result['nama_belakang'];
        $newpass = generatenew();
        $pass = md5($newpass);
        $sql = "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."member` SET `password`='$pass' WHERE `email`='$email' LIMIT 1";
        $result = mysql_query($sql);
            //Send Email
            /* Format e-mail message for customer */
            $msg = "
            Hi ".$name.",  

            This is an automated email message.
            New password has been provided for you. You may now submit and view your support tickets again.

            Your log in details are :
            Username : ".$email."
            Password : ".$newpass."

            Regards,
            Bamboomedia Healthy Life System
            ";

            /* Send e-mail */
			
			$headers = "From: $hesk_settings[noreply_mail]\n";
			$headers.= "Reply-to: $hesk_settings[noreply_mail]\n";
			$headers.= "Return-Path: $hesk_settings[webmaster_mail]\n";
			$headers.= "Content-type: text/plain; charset=".$hesklang['ENCODING'];
			
			@mail($email,"Bamboomedia Support Registration",$msg,$headers);
			
        header("Location: forgotpwd.php?a=success");
    } else {
        //Check doctor pwd
        $sql = "SELECT * FROM ".hesk_dbEscape($hesk_settings['db_pfix'])."users WHERE `email`='$email' LIMIT 1";
        $result = mysql_query($sql);
        $found = mysql_num_rows($result);
        if($found == 1){
            $result = hesk_dbFetchAssoc($result);
            $name = $result['name'];
            $newpass = generatenew();
            $pass = hesk_Pass2Hash($newpass);
            $sql = "UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` SET `pass`='$pass' WHERE `email`='$email' LIMIT 1";
            $result = mysql_query($sql);
               //Send Email
                /* Format e-mail message for customer */
                $msg = "
                Hi ".$name.",  

                This is an automated email message.
                New password has been provided for you. You may now submit and view your support tickets again.

                Your log in details are :
                Username : ".$email."
                Password : ".$newpass."

                Regards,
                Bamboomedia Healthy Life System
                ";

                /* Send e-mail */
                $headers = "From: $hesk_settings[noreply_mail]\n";
                $headers.= "Reply-to: $hesk_settings[noreply_mail]\n";
                $headers.= "Return-Path: $hesk_settings[webmaster_mail]\n";
                $headers.= "Content-type: text/plain; charset=".$hesklang['ENCODING'];
                @mail($email,"Bamboomedia Support Registration",$msg,$headers);
            header("Location: forgotpwd.php?a=success");
        } else {
            header("Location: forgotpwd.php?a=retry");
        }
    }
} else {
    require_once(HESK_PATH . 'inc/header.inc.php');
?>

</td>
</tr>
</table>
</div>

<h3 align="center"><?php echo $hesklang['forgot_pwd']; ?></h3>
<h5 align="center"><?php echo $hesklang['insertemail']; ?></h5>
<?php
if($action == "retry"){
    echo "<div align='center' style='margin:10px;'><div class='notif-login  notif-fail'>Email tidak terdapat di database. ";
    echo "</div></div>";
} elseif($action == "success") {
    echo "<div align='center' style='margin:10px;'><div class='notif-login  success'>Password baru telah diemail ke email anda, silahkan cek email anda dan login kembali. Terimakasih";
    echo "</div></div>";
}
?>
<div id="forgotpwd">
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
        <tr>
            <td width="7" height="7"><img src="img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
            <td class="roundcornerstop"></td>
            <td><img src="img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
        </tr>
        <tr>
            <td class="roundcornersleft">&nbsp;</td>
            <td valign="middle" height="100">
                <table width="100%" border="0" cellspacing="0" cellpadding="0" style="padding:10px 0;">
                    <tr>
                        <td width="100" style="text-align:center;"><img src="img/login.png" alt="" width="32" height="32" /></td>
                        <td width="383">
                            <form action="forgotpwd.php?a=change" method="post">
                                <table width="100%" border="0">
                                    <tr>
                                        <td width="86">Email</td>
                                        <td width="10">:</td>
                                        <td width="47"><input type="text" name="lg_email" style="width:180px;"/></td>
                                    </tr>
                                    <tr>
                                        <td height="21">&nbsp;</td>
                                        <td>&nbsp;</td>
                                        <td><input type="submit" value="<?php echo $hesklang['s']; ?>" class="yellowbutton" onmouseover="hesk_btn(this,'yellowbuttonover');" onmouseout="hesk_btn(this,'yellowbutton');" style="font-size:14px;height: 22px;" /></td>
                                    </tr>
                                </table>
                            </form>
                        </td>
                    </tr>
                </table>
            </td>
            <td class="roundcornersright">&nbsp;</td>
        </tr>
        <tr>
            <td><img src="img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
            <td class="roundcornersbottom"></td>
            <td width="7" height="7"><img src="img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
        </tr>
    </table>
</div>
<div style="margin-top: 10px">
<a style="display: block;" href="index.php"><h5 align="center"><?php echo $hesklang['back_home']; ?></h5></a>
</div>

<?php
}
require_once(HESK_PATH . 'inc/footer.inc.php');
